Windows malware dominates Mac malware detection chart

Malicious files that use the the scripting capability of Microsoft Media Player to infect Windows machines have emerged as the main threat detected on the machines of Apple users who have taken advantage of Sophos' recent offer of a freebie anti-malware scanner application.

The Windows-specific threat - identified by Sophos as ASDFDldr-A - typically comes in the form of maliciously constructed and padded media files that pose as music files from the likes of Lady Gaga and Madonna. It is only when these malicious files happen to be executed on Windows PCs that anything bad happens. Nonetheless it's better that these malicious media files are identified and removed than left lying around.

On Windows boxes, the malicious files use the scripting capability of Microsoft Media Player to redirect users to a booby-trapped website instead of playing the media content users were hoping to enjoy.

Java-based attacks also appear high in instances of malicious scripts detected by the Sophos security scanner, which was released earlier this month. These cross-platform scripts were typically found in the internet caches of Mac machines. "Many of these might have been designed to download further Windows-based attacks to computers, but they could easily be adapted to download Mac-based threats too," Sophos warns.

The security tool available here has also identified limited instances of Mac OS X-specific malware, Jahlav and DNS Changer. These well-known Mac Trojans are typically disguised as codecs supposedly needed to display video content. Routes to infection include maliciously constructed downloads on BitTorrent sites as well as supposed warez and prOn sites under the control of hackers.

The infamous Conficker worm also edges into the chart, appearing in 19th place. Conficker has no effect on Macs but it does spread via USB drives. Mac users probably got infected after their friends or colleagues with infected Windows machines shared an infected thumb drive with them. The malware has no effect on Mac machines except to make them a carrier of the malware, which can be spread onto previously uninfected Windows boxes when files are subsequently shared either via a USB drive or over the network.

Stats of the number of infections encountered or the percentage of Mac boxes discovered as harbouring malware are not available. The stats show that even the frequently encountered threat (ASDFDldr-A) crops up in just 4.62 per cent of infections reported to Sophos, a sharp contrast the monthly Windows malware charts in the past when one or two prevalent threats typically dominate.

Many of the nasties found on Mac boxes are actually incapable of causing harm on a MacBook or other Apple PCs. The only problem arises if malicious content (only capable of infecting Windows boxes) is shared.

In many ways the Sophos security scanner serves the same useful purpose as anti-virus scanners for Linux servers – by preventing the further spread of Windows-specific malware.

But even though instances of Mac malware remain rare, that's no reason for complacency.

"There is much less Mac malware than Windows malware, but that doesn't mean that Mac users should be blase about protecting their computers," said Carole Theriault, senior security consultant at Sophos.

The Mac malware prevalence stats come from the 150,000 active users of Sophos Anti-Virus for Mac Home Edition who have downloaded and updated the anti-malware software since its launch on 2 November. The security software is among the top 10 most downloaded products from Apple's download site and the most popular application from its networking and security section. ®